Request - JavaScript Compatible Number Canonicalization

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

Request - JavaScript Compatible Number Canonicalization

Anders Rundgren
This may not sound like a security related issue but it actually is...

Although entirely uncoordinated, there are several "standards" in the workings based on creating JSON-based clear text alternatives to IETF's JWS signature scheme (which encodes data in Base64Url).

All of these schemes share a common and quite intricate interoperability issue, namely serialization of the JSON "Number" type.

Fortunately, ECMA who defines JavaScript have defined a strict format which is already implemented in Node.js (V8), Chrome, Firefox, and Safari.

I would therefore propose that the Double object (Number are always stored as double) is augmented with an additional method like toJsonNotation().

I'm currently relying on code that was featured in a previous version of JDK (Rhino):
Newer versions of JDK use another JS engine which produces non-compliant strings :-(